Fixing glib2.0 CVE-2024-34397 in buster
Markus Koschany
apo at debian.org
Mon May 13 19:00:16 BST 2024
Hello Simon,
thank you very much for preparing this update.
Am Freitag, dem 10.05.2024 um 16:02 +0100 schrieb Simon McVittie:
> [...]
>
> I would recommend testing:
>
> * build-time tests
All tests pass except of
165/258 glib:gio / live-g-file FAIL 0.07 s (killed by
signal 6 SIGABRT)
when I build the package with sbuild in a clean chroot on my laptop. This is
reproducible on my system. However building glib2.0 inside a normal schroot
environment works for me. Since it is unrelated to the fix I assume this is
some sort of flaky test and it does not fail on the official buildd servers?
> * autopkgtest
works
>
> * general use of GNOME
>
> * gnome-shell: whatever screen recording or screencasting functionality was
> present in buster, if any (I don't remember what was offered in 3.30.x)
>
> * ibus: Compose key, dead keys, and ideally non-Latin input
> (e.g. Japanese with mozc)
I have tested the update on a real system with a German keyboard layout and
screen recording, umlauts, dead keys work as expected.
Do you want to upload the security update to buster-security yourself or do you
want me to take care of it?
Regards,
Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-gnome-maintainers/attachments/20240513/f4e96494/attachment.sig>
More information about the pkg-gnome-maintainers
mailing list